If Windows XP SP2 firewall service is set to manual or disabled when Windows XP SP3 is applied, the Windows Firewall/Internet Connection Sharing (ICS) service and Security Cetner service will be changed to automatic startup.  This behavior is by design, for the purpose of increasing the security of Windows XP.

Related Posts

• Howto: Do not display the name of the user who has locked a Windows computer or server
• Running the Groupwise 7 Monitor Agent as a Windows Service
• Fix: The error returned when trying to retrieve these settings from the local security policy database (%windir%\security\database\secedit.sdb) was: The parameter is incorrect
• Microsoft Advanced Group Policy Management (AGPM) 3.0 has been RTMd – and why you should care
• How much free disk space do I need to install Windows XP SP3?

Everytime I setup a Microsoft 2003 Small Business Server or troubleshoot connectivity problems to the SBS server I have to lookup the ports that are required to pass through a firewall for proper communication to occur with the various SBS components.  Since I’m tired of Googling for them, I’ve decided to post them here for my quick reference.  Hopefully others will find this helpful as well:

SBS firewall ports

SMTP - port 25 – email

http - port 80 – web server including wwwroot and server usage and performance reports

https – port 443 – secure web server.  Includes OWA and OMA

Windows SharePoint Services intranet site – port 444 for allowing users to securely access the intranet Web site created by SharePoint Services from the Internet

PPTP - port 1723 – VPN connections

Remote Web Workplace (RWW)  - ports 443 and 4125

Remote Desktop (RDP direct) – port 3389.  If using RDP through RWW this is not required.

Other SBS ports

POP3 – port 110

IMAP – port 143

IMAPs – port 993

FTP – port 21

Related Posts

• Windows Server 2008 Firewall Ports
• Windows XP firewall service is enabled after installing XP SP3 – even if it was previously disabled
• Howto: Fix Remote Web Workplace not working with XP SP3
• Windows Server Firewall Exceptions for Remote Administration Tools
• Howto: Extend the Grace Period for having two SBS Servers in the Same Domain

Microsoft has a web page that lists the various tools you can use to remotely administer a Windows Server system. The page lists each remote administration tool and the steps that are required to successfully use the tool with the Windows Firewall service enabled on the local or remote machine.

Firewall configuration details for the following remote administration tools are provided:

• Active Directory Domains and Trusts (Windows Firewall: domain)
• Active Directory Management (Windows Firewall: admgmt)
• Active Directory Schema Management (Windows Firewall: schmmgmt)
• Active Directory Sites and Services (Windows Firewall: dssite)
• Active Directory Users and Computers (Windows Firewall: dsa)
• Authorization Manager (Windows Firewall: azman)
• Certificate Templates (Windows Firewall: certtmpl)
• Certificates (Windows Firewall: certmgr)
• Certification Authority (Windows Firewall: certsrv)
• Certutil command (Windows Firewall: certutil)
• Cluster Administrator (Windows Firewall: cluadmin)
• Cluster command (Windows Firewall: cluster)
• Component Services (Windows Firewall: comexp)
• Computer Management (Windows Firewall: compmgmt)
• Connection Manager Administration Kit Binaries (Windows Firewall: cmbins)
• Connection Manager Administration Kit Wizard (Windows Firewall: cmak)
• Device Manager (Windows Firewall: devmgr)
• Dfscmd command (Windows Firewall: dfscmd)
• DHCP (Windows Firewall: dhcpmgmt)
• Directory Service Utilities (Windows Firewall: ntdsutil)
• Disk Defragmenter (Windows Firewall: dfrg)
• Disk Management (Windows Firewall: diskmgmt)
• Distributed File System (Windows Firewall: dfsgui)
• DNS Management (Windows Firewall: dnsmgmt)
• Dsadd command (Windows Firewall: dsadd)
• Dsget command (Windows Firewall: dsget)
• Dsmod command (Windows Firewall: dsmod)
• Dsmove command (Windows Firewall: dsmove)
• Dsquery command (Windows Firewall: dsquery)
• Dsrm command (Windows Firewall: dsrm)
• Event Viewer (Windows Firewall: eventvwr)
• Fax client console (Windows Firewall: fxsclnt)
• Fax Service Manager (Windows Firewall: fxsadmin)
• File Server Management (Windows Firewall: filesvr)
• Group Policy Object Editor (Windows Firewall: gpedit)
• IIS Application Management script (Windows Firewall: iisapp)
• IIS Backup script (Windows Firewall: iisback)
• IIS Configuration script (Windows Firewall: iiscnfg)
• IIS FTP script (Windows Firewall: iisftp)
• IIS FTP Virtual Directory script (Windows Firewall: iisftpdr)
• IIS Help script (Windows Firewall: iisschlp)
• IIS Service Extension script (Windows Firewall: iisext)
• IIS Virtual Directory script (Windows Firewall: iisvdir)
• IIS Web Management script (Windows Firewall: iisweb)
• Indexing Service (Windows Firewall: ciadv)
• Internet Authentication Service (Windows Firewall: iasmsc)
• Internet Information Services (IIS) Manager (Windows Firewall: iis)
• IP Security Monitor (Windows Firewall: ipsecmon)
• IP Security Policies (Windows Firewall: ipsecpol)
• Local Security Settings (Windows Firewall: secpol)
• Local Users and Groups (Windows Firewall: lusrmgr)
• Network Load Balancing Manager (Windows Firewall: nlbmgr)
• Network Monitor tools (Windows Firewall: netmon)
• Performance (Windows Firewall: perfmon)
• POP3 Service (Windows Firewall: p3server)
• Public Key Management (Windows Firewall: pkmgmt)
• Remote Desktops (Windows Firewall: tsmmc)
• Remote Storage (Windows Firewall: rsadmin)
• Removable Storage (Windows Firewall: ntmsmgr)
• Removable Storage Operator Requests (Windows Firewall: ntmsoprq)
• Resultant Set of Policy (Windows Firewall: rsop)
• Routing and Remote Access (Windows Firewall: rrasmgmt)
• Security Configuration and Analysis (Windows Firewall: sca)
• Services (Windows Firewall: services)
• Shared Folders (Windows Firewall: fsmgmt)
• Telephony (Windows Firewall: tapimgmt)
• Terminal Services Configuration (Windows Firewall: tscc)
• Terminal Services Manager (Windows Firewall: tsadmin)
• UDDI Services Console (Windows Firewall: uddi)
• Windows Management Infrastructure (Windows Firewall: wmimgmt)
• Windows Media Services (Windows Firewall: wmsadmin)
• Windows Server 2003 Administration Tools Pack (Windows Firewall: adminpak)
• WINS (Windows Firewall: winsmgmt)
• Wireless Monitor (Windows Firewall: wiremon)

Microsoft also has a guide to Windows firewall configuration by server role.

Thanks to David for the pointer to this article.

Related Posts

• Find Windows system uptime from the command line
• Howto: Do not display the name of the user who has locked a Windows computer or server
• Windows XP firewall service is enabled after installing XP SP3 – even if it was previously disabled
• Ports to open on a firewall for SBS 2003 communication
• Howto: Install and Configure Moodle on Windows Server 2003 with IIS 6

Mark Empson has published a nice list of firewall ports used by Windows Server 2008.

Nice reference Mark. I was just looking for a similar list for Windows Server 2003 R2 Domain Controllers, and had to pull the information from a variety of sources. I couldn’t find a nice summary like you’ve made.

Related Posts

• Ports to open on a firewall for SBS 2003 communication
• Updated Documentation: Changes in Functionality From Windows Server 2003 With SP1 to Windows Server 2008
• Determining when a local Windows account password was last changed
• Microsoft releases load simulation tools for desktops
• Find Windows system uptime from the command line

Kiwi CatTools is a free (up to five devices) customizable utility that help network administrators automate configuration backups of their network devices such as routers and switches. It provides email notification and compare reports, highlighting configuration changes. Some of the features of CatTools includes:

• Instant or scheduled device configuration backups where any differences can be instantly emailed to you.
• Send CLI commands via Telnet or SSH to many devices at once.
• Change device configuration at scheduled times.
• Change all of your network device passwords at once.
• Generate various device reports such as Port, MAC, ARP and Version.
• Compare the startup and running configuration of devices.

All versions of CatTools have the same functionality. The extent of that functionality however is limited by the license you are running.

Freeware   Edition

Engineer   Edition

Professional   Edition

Enterprise Edition

Number of Devices in database

5

20

500

Unlimited

Number of Activities in database

5

20

50

Unlimited

Simultaneous TFTP sessions

2

 10

 20

100

Simultaneous Device connections

1

 5

 10

30

Check out the following screenshots of the product. My only disappointment with the product was that there was no Sonicwall firewall preconfigured template. Luckily, there’s detailed instructions on how to define your own devices and activities. The premise is if your device supports Telnet, SSH1, SSH1.5 (Cisco), or SSH2 connectivity, you should be able to script automatic backups and perform other activities on it.

See the list of supported devices and an overview of the pre-configured activities.

Related Posts

• Script to backup Groupwise configuration files on Netware Part I
• Simple script to backup Groupwise 7 configuration files on SLES Linux
• Script to securely backup and export IIS 6.0 Configuration
• Script to securely backup IIS 6.0 Metabase
• Online port forwarding tester

Having problems getting applications to work through your firewall or router? Use the online Port Forwarding Tester to determine if your device is properly configured to pass traffic through the appropriate ports.

This application will automatically detect the public IP address your browser is originating from, or you can specify the IP of your choice. Next, enter the port number to test, and press the check button. The web site will tell you if that port is opened or closed.

If you’re note sure how to open ports on your particular router, check out portforward.com. They have a detailed list of routers and firewalls with step by step directions on setting up port forwarding for different devices.

If you need more information on what port forwarding is and why you would want to enable it, start here or checkout the FAQ. There is also a list of common ports that may need to be opened in order for your particular application to function properly.

Related Posts

• Kiwi CatTools: Schedule automatic backups (and perform other activities) on your network devices
• Windows XP firewall service is enabled after installing XP SP3 – even if it was previously disabled
• Ports to open on a firewall for SBS 2003 communication
• Windows Server Firewall Exceptions for Remote Administration Tools
• VMware VI Toolkit for Windows Beta is now available